One of the features Symas built into its Connexitor software (back in 2000, based on OpenLDAP 2.0) was the ability to perform modifications inline with a search request. Back then we used back-perl tweaked heavily to accomplish it. Having an ability to do batch modifies would be pretty useful in general. It's a feature that's commonly used in SQL as well.
One way to do this in modern LDAP would be to define a batchModify control, to be sent with a Search request. The controlValue would contain a sequence of modOps, like a Modify request, but without the rest of the request body. For each entry returned by the Search request, the modOps would be applied to the entry before returning it. A response control would be attached to each entry, giving the result code for the modification attempt on that entry. Anyone interested in implementing this as an overlay? -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/